I’ve received some interesting opportunities recently to interview some of the nation’s top information security experts. As a result, this article is the first of four in a series that will talk about privacy issues.
Today’s article deals with hackers and the fact that more than 70 million consumers have been impacted by the security breaches at Target, Neiman Marcus, Home Depot, and others this past year.
With the holiday season fast approaching, it’s a good time to understand the face behind the hacking mask.
Kelly Yee, vice president of Penango, a secure webmail and encryption company, answered some of the questions I had about hackers. She has more than 15 years of experience in the data availability sector selling Quantum, EMC, and more.
Here are excerpts from the interview:
StorageCraft: What does a hacker really look like?
Yee: Attackers come in a range of shapes and sizes. An attacker can be anyone from a teen from Kansas to a middle-aged adult in China.
StorageCraft: What motivates hackers to attack?
Yee: The motivation is different for each hacker. For example, for the teen in Kansas, it is to earn street cred, to show that he has the chops and the technical acuity to be able to get into a system. For others, there may be monetary gain from stealing important information, like credit card information, and then selling it to the highest bidder. In some cases, where we hear about corporate attacks, competitors can sometimes be loosely associated with the attack.
StorageCraft: How do they use that “snatched” data to get money in the black market?
Yee: In a case of stolen identities, an attacker may sell a bulk of stolen identities to the highest bidder. Black markets have become a sophisticated enterprise, and selling massive amounts of individuals’ data in the black market has become the new product to steal and sell. Nowadays, one rarely sees a waitress stealing credit card information and going to Bloomingdale’s to buy new clothes. Instead, it has become more common for an attacker to steal credit card information from Target and sell 50,000 customers’ information to the highest bidder on the black market.
StorageCraft: Knowing that, then how can consumers better recognize a hacker?
Yee: Attackers still send out massive emails and make phone calls to consumers and ask them for credit card information in order to confirm a transaction. If this were ever to happen, one must not give the information out and must never click on the link (which might enable a virus or spyware on a user’s computer). If it is a phone call, individuals should tell the caller that they will call the company themselves in order to confirm that there was an issue. If users receive an email, then under no circumstances should they click on the link. Instead, users should open a new browser window and log on to the website of the company to check up on any issues they might have.
There are several ways that users can protect themselves from an attacker who sends a malicious email from a friend’s account. For example, take the occasional email from a friend asking for money claiming that they are stuck in India: Authenticated email is one of the easiest, most efficient ways to protect oneself from these kinds of malicious emails.
If both parties had authenticated email, then it would be easy to notice that the email did not truly come from a friend, but from an imposter. Penango offers this kind of authenticated encrypted webmail and can be used with major email providers like Gmail. It is also free to consumers.
StorageCraft: What kinds of companies are most vulnerable to attacks?
Yee: We cannot answer this question, because as consumers, we do not know what kind of security measures each individual company uses. Nor would any company share this type of information, as this is a liability, and attackers would love to get their hands on this kind of information.
StorageCraft: Is the holiday season considered the time when most hackers strike? Why is that?
Yee: It is during the holiday season that consumers do the most online shopping, and most likely don’t check their bank accounts for errors. In fact, a consumer may not want to see all the “damage” they have done shopping for the holiday season!
StorageCraft: How can companies protect themselves — and as a result their consumers — from hackers during the holiday season?
Yee: First, consumers should check their credit card statements at least once a month. It takes only a few minutes, and it’s easy to recognize a transaction that is not familiar. Credit card companies are fairly easy to work with if they spot suspicious activity and generally, individuals will see the charge removed quickly.
Second, credit card companies are federally required to have policies in place to help their users when an attack occurs. For this reason, consumers should use their credit card, and not their debit card — with which it may be harder to recover money.
Lastly, some people prefer to use cash to protect themselves from hackers altogether. However, doing this may affect consumers in other ways: They can easily lose money. Returns may be harder without a receipt. Also, some credit card companies have extended warranties or return policies, so take advantage of those benefits.
Yee provides some great tips on how to keep your information safe as you shop this holiday season. And as much as you might not want to check out the damage you did to the credit card, it can’t be as bad as knowing someone went shopping on your dime.
Photo Credit: Lok Leung via Flickr